Simplify WireGuard User Management with Vanity Keys

WireGuard is an excellent replacement for OpenVPN. If you haven’t already started using it, check out my quick start guide.

A small annoyance I’ve had with WireGuard is that when I want to see who is connected, their data transfer, etc., the wg output only identifies them by their public key. E.g.:

sudo wg

peer: sX4eqmye8hqC2eu+9zJuS6Nh56UdV/foyNd5hK+gwjQ=
  preshared key: (hidden)
  endpoint: 1.1.1.1:54294
  allowed ips: 10.0.0.2/32
  latest handshake: 19 hours, 41 minutes, 52 seconds ago
  transfer: 18.55 MiB received, 383.54 MiB sent

peer: /KmQaPQLRxqKOYyxvU80Y9EhspWm8UARfgi+PmVbgBY=
  preshared key: (hidden)
  endpoint: 2.2.2.2:56528
  allowed ips: 10.0.0.3/32, 2a01:4ff:f0:e625::/128
  latest handshake: 3 days, 20 hours, 55 minutes, 5 seconds ago
  transfer: 1.72 MiB received, 1.96 MiB sent

To determine which user each peer corresponds to, I need to grep through the user configuration files for the key.

That is, until I found Brian Warner’s wireguard-vanity-address project. This project allows you to personalize the beginning of each user’s public key. For example, instead of my public key being:

I could instead use:

ECC are my initials. It is now easy to identify me, and the other users, in the wg output.

Generating Vanity Keys

Clone the repo and build wireguard-vanity-address

git clone https://github.com/warner/wireguard-vanity-address.git
cd wireguard-vanity-address
cargo install --path .

You will need the Rust programming language installed for this to work.

Create a key

The command takes the form:

wireguard-vanity-address <OPTIONS> <STRING>

e.g.

wireguard-vanity-address --in 4 "ecc/"

I want the initials to appear at the start with a separator, so I included /. Running this command gives the following:

wireguard-vanity-address --in 4 "ecc/"
searching for 'ecc/' in pubkey[0..4], one of every 2097152 keys should match
one trial takes 26.6 us, CPU cores available: 16
est yield: 3.5 seconds per key, 286.91e-3 keys/s
hit Ctrl-C to stop

private 6OjRmSZZQunvan/Ude7ccGlGoHsT/+51aGtOW0xyfUs=  public eCc/thniPrcJNcaeZNRuaaeIlUeDmDrdYVfvoIZmzH0=
private mBkW/FCqM3Gs/4H+KyEfvA3pE9J/CqY8vofCGg9KX1I=  public ECC/wiKEkn7LjKenDqq3u4ho2gBkj1NlJjWULllNWnw=
...

wireguard-vanity-address keeps generating new keys until you kill it with CTRL+C. I want the initials in all caps (e.g. ECC), so I just wait for that public key to be generated. It doesn’t take long.

My public key ECC/wiKEkn7LjKenDqq3u4ho2gBkj1NlJjWULllNWnw= now identifies me amongst other users, e.g.

ECC/wiKEkn7LjKenDqq3u4ho2gBkj1NlJjWULllNWnw=
DRH/EgqHu3uAhsyu+cA5g+LOVALcPMwbxWMLTFVeeXM=
GLC/g5aX7BKWKdf0qSqfMZhog8uMakYJBpOy0SwDTlM=

These personalized public keys make identifying users much easier going forward.
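As an added example (not part of the original post or of the wireguard-vanity-address project), the script below labels each peer in wg output by its vanity prefix. It assumes a convention of three capital initials followed by "/" and a known list of initials, so an ordinary key that happens to start the same way is not mislabelled; the function names and the sample text are constructed for illustration.

```python
import re

# Constructed sample in the format `sudo wg` prints, using keys shown on this page.
SAMPLE_WG_OUTPUT = """\
peer: ECC/wiKEkn7LjKenDqq3u4ho2gBkj1NlJjWULllNWnw=
  endpoint: 1.1.1.1:54294
  allowed ips: 10.0.0.2/32
  latest handshake: 19 hours, 41 minutes, 52 seconds ago
  transfer: 18.55 MiB received, 383.54 MiB sent

peer: /KmQaPQLRxqKOYyxvU80Y9EhspWm8UARfgi+PmVbgBY=
  endpoint: 2.2.2.2:56528
  allowed ips: 10.0.0.3/32, 2a01:4ff:f0:e625::/128
  latest handshake: 3 days, 20 hours, 55 minutes, 5 seconds ago
  transfer: 1.72 MiB received, 1.96 MiB sent
"""

# Assumption: only initials you actually issued count as labels.
KNOWN_INITIALS = {"ECC", "DRH", "GLC"}
VANITY = re.compile(r"^([A-Z]{3})/")  # assumed convention: "XXX/" at the start

def label_for(pubkey):
    """Return the initials of a known vanity key, or None for any other key."""
    m = VANITY.match(pubkey)
    return m.group(1) if m and m.group(1) in KNOWN_INITIALS else None

def parse_peers(wg_output):
    """Parse `wg` output into one dict per peer, adding a 'label' field."""
    peers, current = [], None
    for line in wg_output.splitlines():
        line = line.strip()
        if line.startswith("peer: "):
            key = line[len("peer: "):]
            current = {"public key": key, "label": label_for(key)}
            peers.append(current)
        elif current is not None and ": " in line:  # skips the interface section
            field, value = line.split(": ", 1)
            current[field] = value
    return peers

def summary(wg_output):
    """One line per peer: label (or shortened key), handshake age, transfer."""
    rows = []
    for p in parse_peers(wg_output):
        name = p["label"] or p["public key"][:8] + "..."
        rows.append(f"{name}: {p.get('latest handshake', 'never')}; {p.get('transfer', 'none')}")
    return rows

if __name__ == "__main__":
    print("\n".join(summary(SAMPLE_WG_OUTPUT)))
```

The prefix is only a display label: a peer appears in wg output because its full public key was added to the server configuration, not because of how the key starts.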